From 056001dc8fc345f3e4775facda94d11f75126d1a Mon Sep 17 00:00:00 2001
From: Jakob Kummerow
Date: Tue, 5 Dec 2017 12:27:31 -0800
Subject: [PATCH] deps: cherry-pick 0bcb1d6f from upstream V8

Original commit message:

Introduce --disallow-code-generation-from-strings

Exposing the existing Context::AllowCodeGenerationFromStrings(false) API to the command line.

Bug: v8:7134
Change-Id: I062ccff0b03c5bcf6878c41c455c0ded37a1d743
Reviewed-on: https://chromium-review.googlesource.com/809631
Reviewed-by: Michael Starzinger
Commit-Queue: Jakob Kummerow
Cr-Commit-Position: refs/heads/master@{#49911}

PR-URL: https://github.com/nodejs/node/pull/18212
Refs: https://github.com/v8/v8/commit/0bcb1d6f2de9b278b1de7de1b5333e7f47fdce8e
Reviewed-By: Anna Henningsen
Reviewed-By: James M Snell
Reviewed-By: Colin Ihrig
Reviewed-By: Ben Noordhuis
Reviewed-By: Gus Caplan
---
 common.gypi | 2 +-
 deps/v8/src/bootstrapper.cc | 5 +++++
 deps/v8/src/flag-definitions.h | 2 ++
 deps/v8/test/mjsunit/disallow-codegen-from-strings.js | 9 +++++++++
 4 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 deps/v8/test/mjsunit/disallow-codegen-from-strings.js

diff --git a/common.gypi b/common.gypi
index 5752c17168d50a..aaae133e1ac188 100644
--- a/common.gypi
+++ b/common.gypi
@@ -27,7 +27,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.20',
+ 'v8_embedder_string': '-node.21',
 # Enable disassembler for `--print-code` v8 options
 'v8_enable_disassembler': 1,
diff --git a/deps/v8/src/bootstrapper.cc b/deps/v8/src/bootstrapper.cc
index dc211962685b77..950436493caa04 100644
--- a/deps/v8/src/bootstrapper.cc
+++ b/deps/v8/src/bootstrapper.cc
@@ -5299,6 +5299,11 @@ Genesis::Genesis(
 if (!InstallDebuggerNatives()) return;
 }
+ if (FLAG_disallow_code_generation_from_strings) {
+ native_context()->set_allow_code_gen_from_strings(
+ isolate->heap()->false_value());
+ }
+
 ConfigureUtilsObject(context_type);
 // Check that the script context table is empty except for the 'this' binding.
diff --git a/deps/v8/src/flag-definitions.h b/deps/v8/src/flag-definitions.h
index bcb5a2c982b5a7..fe175c706accb3 100644
--- a/deps/v8/src/flag-definitions.h
+++ b/deps/v8/src/flag-definitions.h
@@ -732,6 +732,8 @@ DEFINE_BOOL(expose_trigger_failure, false, "expose trigger-failure extension")
 DEFINE_INT(stack_trace_limit, 10, "number of stack frames to capture")
 DEFINE_BOOL(builtins_in_stack_traces, false, "show built-in functions in stack traces")
+DEFINE_BOOL(disallow_code_generation_from_strings, false,
+ "disallow eval and friends")
 // builtins.cc
 DEFINE_BOOL(allow_unsafe_function_constructor, false,
diff --git a/deps/v8/test/mjsunit/disallow-codegen-from-strings.js b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js
new file mode 100644
index 00000000000000..30d1b967d5f128
--- /dev/null
+++ b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js
@@ -0,0 +1,9 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --disallow-code-generation-from-strings
+
+assertThrows("1 + 1", EvalError);
+assertThrows(() => eval("1 + 1"), EvalError);
+assertThrows(() => Function("x", "return x + 1"), EvalError);
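Review bot: The new block in Genesis::Genesis only seeds the per-context default at creation time and nothing in it prevents that default from being undone later, so it deserves a comment saying it is not a hard lock: the commit message itself describes it as the command-line form of Context::AllowCodeGenerationFromStrings(false), which an embedder can call with true on the same context afterwards, and as far as I can tell V8 also consults the isolate's code-generation-from-strings callback (when one is installed) before raising EvalError, so that path should be verified too. I would add above the `if`: `// Seeds the context default only; Context::AllowCodeGenerationFromStrings() and the embedder's code-gen callback can still re-enable it.` Because the flag is read once per Genesis, any context created before the flag was set keeps its earlier setting, which matters if flags can be changed at runtime. Genesis::Genesis starts and ends outside this hunk.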
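Review bot: The help string `"disallow eval and friends"` on the added DEFINE_BOOL is the user-visible --help text for a security-relevant switch, and "friends" leaves the reader guessing which paths are covered; the accompanying test pins eval() and the Function constructor, so the description should at least name those. I would change the added line to `"disallow eval and the Function constructor (code generation from strings)"`. If the same context bit also governs the GeneratorFunction/AsyncFunction constructors or indirect eval — plausible, since they share the compile-from-string path, but not visible here — say so in the string as well.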
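Review bot: The three assertions in the new test only exercise the negative path, so a harness regression that turns every call into an EvalError would pass this file unnoticed; a positive control showing that non-string compilation still works under the flag, e.g. `assertEquals(2, (() => 1 + 1)());`, would anchor it. It would also be worth adding `new Function("x", "return x + 1")` and indirect eval, `(0, eval)("1 + 1")`, since those take different call paths from direct eval — whether the flag covers them is not established by this patch, which is exactly why a test would help.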